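# NixOS module: optional authoritative DNS server (NSD) for this node.
#
# Declares `dgn-dns.enable`; when set, NSD is enabled, bound to the node's
# public addresses, given the zones from ./zones, and port 53 is opened in
# the firewall for TCP and UDP.
args@{ config, lib, meta, name, sources, ... }:

let
  inherit (lib)
    mkEnableOption
    mkIf;

  # The `dns.nix` entry of `sources`, handed to ./zones below.
  dns = import sources."dns.nix";

  cfg = config.dgn-dns;
in

{
  options.dgn-dns = {
    # mkEnableOption wraps its argument as "Whether to enable <text>.", so the
    # text must not end in a period (the original rendered a doubled "..").
    enable = mkEnableOption "an authoritative dns service on this server";
  };

  config = mkIf cfg.enable {
    services.nsd = {
      enable = true;

      # Listen only on the addresses recorded as public for this node in
      # `meta.network`, not on every local address.
      interfaces = meta.network.${name}.addresses.public;

      # Zone definitions live in ./zones, which receives this module's
      # arguments plus `dns`.
      # NOTE(review): per-zone transfer ACLs (`provideXFR`), if any, are set
      # there and are not visible here; confirm zone transfers are limited to
      # the intended secondaries.
      zones = import ./zones (args // { inherit dns; });
    };

    # NOTE(review): these ports are opened on every interface, while NSD only
    # binds the public addresses above. TCP 53 is needed for truncated
    # responses and zone transfers; UDP 53 carries ordinary queries.
    # NOTE(review): no response rate limiting is configured in this module
    # (`services.nsd.ratelimit.enable`); confirm it is handled elsewhere, since
    # an unthrottled UDP authoritative server can be used as a reflection
    # source.
    networking.firewall = {
      allowedTCPPorts = [ 53 ];
      allowedUDPPorts = [ 53 ];
    };
  };
}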